Symantec Security Response: SMNTC-17969
Published: Apr 20, 2021 - 7:54 p.m.

OS Command Injection in Security Analytics


EPSS: 0.005 (Low); Percentile: 75.3%

Summary

The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote, unauthenticated attacker who has access to the Security Analytics web UI can execute arbitrary OS commands on the target with elevated privileges.

Affected Product(s)

The following products and product versions are vulnerable to the CVEs listed. If a CVE is not listed, the product or version is not known to be vulnerable to it.

Security Analytics (SA)

CVE | Supported Version(s) | Remediation
CVE-2021-30642 | 7.2 | Upgrade to 7.2.7
CVE-2021-30642 | 8.1 | Upgrade to 8.1.3-NSR3
CVE-2021-30642 | 8.2 | Upgrade to 8.2.1-NSR2 or 8.2.2

Issue Details

CVE-2021-30642

Severity / CVSS v3.1: | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
References: | NVD: CVE-2021-30642
Impact: | OS command injection
Description: | An input validation flaw in the Symantec Security Analytics web UI allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.

Mitigation

CVE-2021-30642 is only exploitable in Security Analytics when the remote attacker can access the web UI. Security Analytics administrators can configure the on-appliance firewall to restrict web UI access to trusted IP addresses and subnets.

Revisions

2021-04-20 initial public release